Build Projects With GitHub Copilot’s New Coding Agent
From idea to code: How Copilot’s agent can be your new project partner.
Developers everywhere are changing how they build, here’s what’s powering the shift.
Microsoft Build 2025
Microsoft just dropped over 50 groundbreaking announcements about AI and the future of cloud computing.
GitHub’s new Copilot Coding Agent brings a real shift in how we work. Instead of just assisting you line by line, Copilot can now take on full development tasks: Picking up issues, drafting pull requests, planning solutions, and updating code.
In this newsletter, I’ll walk you through exactly how it works.
You’ll see how easy it is to:
Assign an issue to Copilot,
Watch it draft a pull request with a live updating plan,
Review its changes and understand how it got there,
And stay in control with built in security and approvals.
Pull Requests, Reimagined for 2025
Here’s a mock demo of a front end web app, nothing fancy, just a classic setup using React and Next.js, running locally with Node.js.
Right here, you can see the source code in the repository, standard stuff for the front end of a modern project.
Like any real world project, we’ve got a list of open issues.
And this is exactly where things get interesting, because now, instead of tackling these issues yourself, or adding them into your ever growing “Tech Debt” you can assign them directly to GitHub Copilot’s new Coding Agent and let it get to work.
Assigning the Issue and Watching Copilot Work
Once we assign the issue, Copilot immediately spins up a Canvas space (Copilot Virtual Autonomous Agent Space) and creates a draft pull request.
Inside that draft PR, it gets straight to work, starting with a to do list that outlines every step it plans to take.
It’s like watching a senior developer break down a task: Clear goals, structured planning, and detailed with the addition meaningful commits along the way.
What’s Happening Under the Hood
Naturally, we want to know what Copilot is actually doing behind the scenes.
If we click into the Session view, we can see exactly that.
Copilot is able to execute bash commands and access tools, working just like a local developer. You’ll spot it running familiar tasks like, changing directory with cd or running npm build, but not just that, it also runs tests and validates its work before moving on.
Even better, we can enrich these sessions with external context:
If we linked the issue to something like Notion, Jira, or any service with an MCP server, Copilot would pull that extra data into its workflow to understand the task even better.
Reviewing the Work and Thinking About Security
Once Copilot finishes, we get a complete summary, both from a technical and non technical point of view.
This is where we can step in and do a manual review, just like we would in a more traditional pull request.
You can dive into the individual file changes, line by line diffs, and commit history, exactly how you’d expect.
From here, you can check out the branch locally if you want to test things yourself, or go ahead and merge it directly if you’re happy with the work.
Now, I hear you.
I work in cybersecurity myself, and believe me, I had my concerns at first too.
Here’s the good news:
Copilot only has read access to your GitHub repo: With one exception: it can push to a draft branch, but it can’t touch your main branch.
It operates with limited network access: Meaning the agent can’t just call out to the internet at will.
If you want Copilot to access external data (like Notion, Jira, or any MCP server), you can configure that: But it all starts with a default secure firewall setup.
Actions and workflows don’t run without explicit human approval.
And crucially, the person who assigns a task to Copilot can’t approve the resulting PR.
In short: “Copilot is treated like a semi-trusted contributor”, not an admin, and the platform has been built with security top of mind.
Now, I’ve just given you the quick tour here, but if you want the deep dive (and trust me, it’s worth it), check out this demo from Tim Rogers & Luke Hoban at Microsoft Build 2025.
They break down not just how Copilot’s coding agents work under the hood, but also show:
How to assign issues using the GitHub CLI and mobile app,
How to integrate with third party MCP servers like Terraform for a true agentic coding experience.
Or, if you prefer, you can read the Official GitHub Blog Post Here for the full announcement and details.
Thank you for reading: Keep it secure, keep it light-hearted!
WJPearce - CyberBrew
Full transparency:
This issue was made possible thanks to Microsoft’s support. I only partner with companies I truly believe in, and what they’re doing here genuinely excites me. I’m in this for the long haul and I think learning this stuff will help you stand out.
Amazing stuff. It had to happen eventually I guess but particularly pleased they've taken permissions and security seriously. To think the best is still yet to come in Ai is awesome. Great stuff!